A basic objective of information technology (IT) access control is to facilitate access to computing resources for authorized users and to deny access for unauthorized users. Enterprises of all sizes today face tremendous challenges in governing access control, including the difficulty for current IT access control systems and processes in scaling up and staying up-to-date with the most accurate access control parameters and profiles. In particular, maintaining the appropriate level of access to IT resources based on, e.g., job roles and related functions can become impractical due to the dynamic and global nature of today's workforce and the ever-shrinking lifecycle of IT resources. Entitlement to IT resources changes constantly and often loses its original or intended meaning.
The above challenges have some undesired consequences. First, governing access control inevitably involves processes that require heavy manual intervention to keep up with changes in both the user attributes and resource attributes. Secondly, as users move within the organization and change status or job functions, their access profiles do not typically change quickly enough to reflect their new status, resulting in weakened security control against unauthorized access. In the worst-case scenario, neither the users themselves nor the people who review and grant access understand what the entitlement actually means.